#9827 Add settings to sssd conf to speed up id lookups
Opened 17 days ago by mobrien. Modified 16 days ago

Describe what you would like us to do:


As per https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/tuning_performance_in_identity_management/assembly_tuning-sssd-in-idm-servers-and-clients-for-large-idm-ad-trust-deployments_tuning-performance-in-idm#tuning_options_for_idm_clients

The setting ldap_deref_threshold in /etc/sssd/sssd.conf file should be set to 0 on all clients. On basic testing an initial id mobrien call after clearing the cache went from ~30s to ~10s and following id calls for other users were almost instant.

@arrfab

When do you need this to be done by? (YYYY/MM/DD)



Can this be added as a drop in on /etc/sssd/conf.d/<foo.conf> or does this need changes in /etc/sssd/sssd.conf ?

when I found that setting and that it was speeding up things at the centos side, I asked mark to test it too
using ansible lineinfile to have it in the [domain\fedoraproject.org] section is probably the best way (so main /etc/sssd/sssd.conf, as stated in the official doc)

Metadata Update from @mohanboddu:
- Issue priority set to: Waiting on Assignee (was: Needs Review)
- Issue tagged with: medium-gain, medium-trouble, ops

16 days ago

Metadata Update from @mohanboddu:
- Issue tagged with: authentication

16 days ago

@smooge made patch to fix the issue, this fix will supersede that patch and any conflict due to that should be resolved.

Login to comment on this ticket.

Metadata
Boards 1
ops Status: Backlog